Developer documentation
Build against the verified API, hosted checkout, and signed webhook flow.
Who this is for
This section is for developers building a server-side integration against the Outpay public v1 API. If you only need a shareable payment link with no code, see the merchant guide instead.
Checkouts
Create, redirect, read, expire, and reconcile a hosted checkout.
Webhook verification
Verify the raw request body before fulfilling an order.
Idempotency
Retry checkout creation without creating duplicate payment requests.
Production checklist
Review the controls required before a real integration goes live.
The recommended lifecycle
- Create an API key with only the scopes your server needs.
- Create one checkout per merchant order, with a stable idempotency key derived from your order ID.
- Redirect the customer to the returned
paymentUrl. - Verify the signed
checkout.paidwebhook on your server and fulfil the order exactly once. - Poll the checkout or list payments for reconciliation and support tooling — never as your primary fulfilment signal.
Do not trust the redirect
Success and cancellation URLs are customer navigation events, not payment proof. A customer can close the tab, or an attacker can guess the success URL. Fulfil only from a verified webhook or a server-side status read.
Related documentation
- API reference — the strict endpoint contract.
- Webhooks — event types, signing, and delivery behaviour.
- Testing — validate your integration before going live.